-
-
2. Re: Jboss Authentication
I think this might be it...
In your web.xml your declare:
<url-pattern>/*</url-pattern>
to be the secured area. This is where your login page resides, so it is protected and cannot be accessed without logging in first!!!
I suggest making another folder in your auth.war, i.e. "secured" and putting all pages that you want secured in it (foo.html, etc.)
Then change the above line in the web.xml to match:
<url-pattern>secured/*</url-pattern>
Just remember to include the "secured" (the name of the folder with the secured pages) in your path when you try to access the secured page. You should be redirected to the login page at that time.
Hope this works for you,
Brian -
3. Re: Jboss Authentication
I gave it a try and I still get the same error
------------
Apache Tomcat/4.0.3 - HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
-----------------
some questions please
1. Do I have to modify the auth.conf file ? or do I need to specify the permissions in some other file that I am missing?
2. I think the /* should work since I get the login page it validates correctly the users. Fetches to the DB are done without a problem etc.... the problem is when I am authenticated and the page to be display has no permissions to be displayed. Well at least that's what I think is going on.
any other clues?